[Bro] issue with bro size

Matthias Vallentin vallentin at icir.org
Fri Mar 25 07:48:18 PDT 2016


> I am a new user of Bro and I have some questions: 

Welcome aboard!

> I have read that in the next version of Bro, the Broker communication
> system will be included in the installation.
> - When is the next release of Bro? Will Broccoli be deleted?

The next release of Bro, version 2.5, is contingent on a stable running
integration with Broker. We will also deprecate Broccoli as soon as we
make Broker the default communication component.

> When I install Bro with the option ./configure --enable-broker, my Bro
> directory is about 1.5Gb. Otherwise, it is about 180Mb. At the same
> time, the binary is about the same size (145Mb).
> - Why such a difference?

Can you give us more detail on what files contribute to the increase in
size? What happens when you remove debugging symbols (i.e., remove the
-g switch from the compilation process)? Note that debugging symbols do
not have any runtime overhead during execution.

> Moreover, when I use all the other --disabled options, the difference
> is not that important (about 200Mb). - Is it normal? Are there any
> other options that would allow us to reduce the size of the program?
> We plan to use Bro on constrained devices with the Broker library.

My hunch is that Broker (and in particular CAF) generates huge symbol
tables, due to the excessive amount of C++ template code and insane name
mangling.

> I have found some documentation about Broccoli security options. But I
> have not found any documentation regarding Broker security options.
> - Does it use also SSL? In which communications? Are there some
> differences with Broccoli concerning security? Could we find
> documentation about security protocols used by Broker communications?

At this point Broker does not support encryption, but it's on our TODO
list. Once the underlying communication library CAF supports encryption,
it will be rather simple to lift it into Broker. We hope that
TLS support will make it into the next release, but it's not clear at
this point.

    Matthias

